+++ /dev/null
-From 0a0e233a0c25593f817b6d9ed48fb2d2fd080870 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Nov 2021 13:28:34 -0500
-Subject: tracing: Add length protection to histogram string copies
-
-From: Steven Rostedt (VMware) <rostedt@goodmis.org>
-
-[ Upstream commit 938aa33f14657c9ed9deea348b7d6f14b6d69cb7 ]
-
-The string copies to the histogram storage has a max size of 256 bytes
-(defined by MAX_FILTER_STR_VAL). Only the string size of the event field
-needs to be copied to the event storage, but no more than what is in the
-event storage. Although nothing should be bigger than 256 bytes, there's
-no protection against overwriting of the storage if one day there is.
-
-Copy no more than the destination size, and enforce it.
-
-Also had to turn MAX_FILTER_STR_VAL into an unsigned int, to keep the
-min() comparison of the string sizes of comparable types.
-
-Link: https://lore.kernel.org/all/CAHk-=wjREUihCGrtRBwfX47y_KrLCGjiq3t6QtoNJpmVrAEb1w@mail.gmail.com/
-Link: https://lkml.kernel.org/r/20211114132834.183429a4@rorschach.local.home
-
-Cc: Ingo Molnar <mingo@kernel.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Tom Zanussi <zanussi@kernel.org>
-Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
-Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
-Fixes: 63f84ae6b82b ("tracing/histogram: Do not copy the fixed-size char array field over the field size")
-Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- include/linux/trace_events.h | 2 +-
- kernel/trace/trace_events_hist.c | 9 +++++++--
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h
-index 30a8cdcfd4a4f..41cf69b4516bd 100644
---- a/include/linux/trace_events.h
-+++ b/include/linux/trace_events.h
-@@ -425,7 +425,7 @@ struct trace_event_file {
-
- #define PERF_MAX_TRACE_SIZE 2048
-
--#define MAX_FILTER_STR_VAL 256 /* Should handle KSYM_SYMBOL_LEN */
-+#define MAX_FILTER_STR_VAL 256U /* Should handle KSYM_SYMBOL_LEN */
-
- enum event_trigger_type {
- ETT_NONE = (0),
-diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
-index 8b33a3c872750..37aa8e33f5635 100644
---- a/kernel/trace/trace_events_hist.c
-+++ b/kernel/trace/trace_events_hist.c
-@@ -3530,8 +3530,10 @@ static inline void __update_field_vars(struct tracing_map_elt *elt,
- if (val->flags & HIST_FIELD_FL_STRING) {
- char *str = elt_data->field_var_str[j++];
- char *val_str = (char *)(uintptr_t)var_val;
-+ unsigned int size;
-
-- strscpy(str, val_str, val->size);
-+ size = min(val->size, STR_VAR_LEN_MAX);
-+ strscpy(str, val_str, size);
- var_val = (u64)(uintptr_t)str;
- }
- tracing_map_set_var(elt, var_idx, var_val);
-@@ -5352,6 +5354,7 @@ static void hist_trigger_elt_update(struct hist_trigger_data *hist_data,
- if (hist_field->flags & HIST_FIELD_FL_STRING) {
- unsigned int str_start, var_str_idx, idx;
- char *str, *val_str;
-+ unsigned int size;
-
- str_start = hist_data->n_field_var_str +
- hist_data->n_save_var_str;
-@@ -5360,7 +5363,9 @@ static void hist_trigger_elt_update(struct hist_trigger_data *hist_data,
-
- str = elt_data->field_var_str[idx];
- val_str = (char *)(uintptr_t)hist_val;
-- strscpy(str, val_str, hist_field->size);
-+
-+ size = min(hist_field->size, STR_VAR_LEN_MAX);
-+ strscpy(str, val_str, size);
-
- hist_val = (u64)(uintptr_t)str;
- }
---
-2.33.0
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
